Security Basics mailing list archives
link to a review of OpenBSD 3.5
From: Kelly Martin <kellymartin () gmail com>
Date: Fri, 30 Jul 2004 11:32:05 -0600
I saw this on Slashdot last week and thought I would post the link here, due to the OpenBSD project's pure focus on security. http://os.newsforge.com/article.pl?sid=04/07/20/180234&tid=8&tid=132 The article has a few minor inaccuracies, but otherwise it's a pretty good review. I would agree that the patching process for security updates is quite good, though many of us who administer numerous OpenBSD servers prefer to follow the -STABLE branch in CVS and recompile our kernel on a monthly basis -- it's actually quite easy, and the documentation to do this is pretty clear. Then you only need to jump on security patches for the most serious vulnerabilities. Note that in OpenBSD, appls like Apache, OpenSSH, OpenSSL, GCC, and many others are installed as part of the core operating system. I've always liked this approach. The advantage is that you can recompile the -STABLE branch of the OS and you'll always be current on your security updates. No need to hunt around for a hundred different updates. An aside -- a few people have asked for my thoughts on a good threaded mail reader for this mailing list. It's entirely personal preference, of course, but I've found GMail to be excellent for following discussion threads. Then it's easy to search the archives too. :) That's what I use myself when I'm not moderating the list... Regards, Kelly Martin --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- link to a review of OpenBSD 3.5 Kelly Martin (Aug 02)